User Management
User Management in CertiNext enables administrators to securely onboard users, assign appropriate roles, and control access to certificates, keys, and trust operations. Given the sensitive nature of certificate and cryptographic lifecycle activities, user management is designed around least-privilege access, clear accountability, and operational segregation.
This ensures that users can perform only the actions required for their role, while all activities remain traceable and auditable.

Adding Users
Administrators can add users to CertiNext by providing basic identity and contact information, including:
Name and Email Address (mandatory)
Mobile Number (optional, used for notifications or authentication where applicable)
Designation and Employee ID (optional, for organizational context and audit clarity)
Once added, users receive access based on the roles, groups, and tags assigned to them.
Role Assignment
Every user must be assigned a role, which determines the actions they are allowed to perform within CertiNext. Roles are predefined to align with common operational responsibilities, such as administration, certificate management, discovery, or read-only access.
Role assignment ensures:
Separation of duties between administrators, operators, and auditors
Controlled access to sensitive CA and key operations
Reduced risk of accidental or unauthorized changes
Roles can be updated at any time as responsibilities change.
Group-Based Access Control
Users can be restricted to specific groups, limiting their visibility and actions to certificates, organizations, domains, and products associated with those groups.
Group-based access is commonly used to:
Delegate certificate management to specific teams or business units
Separate responsibilities across applications, environments, or regions
Maintain centralized governance while enabling decentralized operations
If group restriction is not enabled, the user inherits access based on their assigned role.
Tag-Based Access Control
In addition to groups, CertiNext supports tag-based access restriction. Users can be limited to managing only certificates and discoveries associated with specific reporting tags.
This is especially useful for:
Environment isolation (e.g., production vs test)
Project- or application-specific ownership
Controlled access to discovered certificates
Tag-based access works in conjunction with roles and groups to provide fine-grained control.
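The following is an added example, not CertiNext's own code: a small model of how role, group, and tag checks of the kind described above can combine into one access decision. The role and action names are hypothetical, and it assumes every enabled restriction must pass (logical AND), which the page does not specify.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical role-to-action map; the product's real role names
# and permissions are not listed on this page.
ROLE_ACTIONS = {
    "admin": {"view", "issue", "revoke", "discover", "manage_users"},
    "cert_manager": {"view", "issue", "revoke"},
    "discovery_user": {"view", "discover"},
    "read_only": {"view"},
}

@dataclass
class User:
    email: str
    role: str
    active: bool = True
    groups: Optional[frozenset] = None  # None = group restriction not enabled
    tags: Optional[frozenset] = None    # None = tag restriction not enabled

@dataclass
class Certificate:
    common_name: str
    group: str
    tags: frozenset = frozenset()

def decide(user, action, cert):
    """Return (allowed, reason); the reason is what an audit entry would record."""
    if not user.active:
        return False, "user deactivated"
    if action not in ROLE_ACTIONS.get(user.role, set()):
        return False, f"role {user.role!r} lacks {action!r}"
    # With no group restriction, access follows the role alone.
    if user.groups is not None and cert.group not in user.groups:
        return False, f"group {cert.group!r} out of scope"
    # Assumption: a tag-restricted user needs at least one matching tag.
    if user.tags is not None and not (user.tags & cert.tags):
        return False, "no matching reporting tag"
    return True, "allowed"

# Constructed sample data: one operator scoped to the test environment.
prod_cert = Certificate("api.example.com", "payments", frozenset({"production"}))
test_cert = Certificate("api.test.example.com", "payments", frozenset({"test"}))
operator = User("op@example.com", "cert_manager",
                groups=frozenset({"payments"}), tags=frozenset({"test"}))

if __name__ == "__main__":
    for cert in (test_cert, prod_cert):
        print(cert.common_name, decide(operator, "issue", cert))
```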
Discovery-Specific Access
CertiNext allows assignment of Discovery User roles for users who are responsible only for certificate discovery and inventory activities. This enables teams to identify and classify certificates without granting broader lifecycle or administrative permissions.
User Lifecycle Management
Administrators can:
Activate or deactivate users as needed
Modify roles, group access, and tag restrictions
Maintain up-to-date ownership and responsibility mappings
All changes to user access and roles are logged for audit and compliance purposes.
Auditability and Compliance
Every user action—such as logins, certificate requests, approvals, and configuration changes—is recorded in the audit logs. This ensures:
Full traceability of actions to individual users
Accountability during audits and investigations
Alignment with internal governance and regulatory requirements
Why User Management Matters
Effective user management helps organizations:
Prevent unauthorized certificate issuance or changes
Reduce operational and security risk
Enforce governance and compliance policies
Scale certificate operations across teams safely
User Management as a Trust Control
In CertiNext, user management is treated as a core trust control, not just an administrative feature. By combining role-based access, group and tag restrictions, and full auditability, CertiNext enables secure collaboration across teams while protecting the integrity of certificate and cryptographic operations.
